Vulnerability Details : CVE-2007-5275
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
Products affected by CVE-2007-5275
- cpe:2.3:a:adobe:shockwave_player:9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-5275
37.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-5275
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2007-5275
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5275
-
http://www.redhat.com/support/errata/RHSA-2007-1126.html
Support
-
http://secunia.com/advisories/29865
-
http://www.vupen.com/english/advisories/2008/1697
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://secunia.com/advisories/28570
About Secunia Research | Flexera
-
http://www.adobe.com/support/security/bulletins/apsb07-20.html
Adobe Security Bulletins and Advisories
-
http://securitytracker.com/id?1019116
Access Denied
-
http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
Adobe Flash Player: Multiple vulnerabilities (GLSA 200801-07) — Gentoo security
-
http://www.us-cert.gov/cas/techalerts/TA08-100A.html
US Government Resource
-
http://crypto.stanford.edu/dns/dns-rebinding.pdf
-
http://secunia.com/advisories/28157
About Secunia Research | Flexera
-
http://www.redhat.com/support/errata/RHSA-2008-0221.html
-
http://www.securityfocus.com/bid/26930
-
http://www.adobe.com/support/security/bulletins/apsb08-11.html
-
http://secunia.com/advisories/30430
About Secunia Research | Flexera
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9250
-
http://secunia.com/advisories/28161
About Secunia Research | Flexera
-
http://www.us-cert.gov/cas/techalerts/TA07-355A.html
Page Not Found | CISAUS Government Resource
-
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
502 Bad Gateway
-
http://secunia.com/advisories/28213
About Secunia Research | Flexera
-
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
Page Not Found | CISAUS Government Resource
-
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
-
http://secunia.com/advisories/30507
About Secunia Research | Flexera
-
http://www.vupen.com/english/advisories/2008/1724/references
Site en construction
-
http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
-
http://www.vupen.com/english/advisories/2007/4258
Site en construction
-
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
-
http://secunia.com/advisories/29763
Jump to